On Sat, Dec 5, 2015 at 6:54 PM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote: > Hubert Kario <hka...@redhat.com> writes: > >>miTLS does accept Application Data when it is send between Client Hello and >>Client Key Exchange and rejects it when it is sent between Change Cipher Spec >>and Finished. > > Given that miTLS is a formally verified implementation, would this imply that > there's a problem with the verification? "Beware of bugs in the above code; I > have only proved it correct, not tried it"?
Are you saying there is a security flaw with the behavior described? Because I don't believe there is after one adopts Extended Master Secret. (Someone more familiar with the security should check this) > > Peter. > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls -- "Man is born free, but everywhere he is in chains". --Rousseau. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
